Knowledge Base & Discussion Forum

How can I bypass an SSL certificate error during replication

Discuss technical questions on AhsayRPS

Moderator: Support Team

How can I bypass an SSL certificate error during replication

Postby bobble14988 » Sat Dec 22, 2012 1:04 am

I'm trying to set up replication between an OBS and an RPS server.

I'm using the port I configured for HTTP (not HTTPS) yet I am getting the following connection error:

[SendHandler.connect][Unable to connnect] [IOException] Reason=[SSLSocketJVM14.getSSLSocket] Hostname verifying failed. sDNSname='xx.xxx.xxx.xxx' doesn't match any name on the SSL certificate. Session=[Session-1, SSL_NULL_WITH_NULL_NULL][IOException] Reason=[SendHandler.connect][Unable to connnect] [IOException] Reason=[SSLSocketJVM14.getSSLSocket] Hostname verifying failed. sDNSname='xx.xxx.xxx.xxx' doesn't match any name on the SSL certificate. Session=[Session-1, SSL_NULL_WITH_NULL_NULL]

Any ideas how to get around this?
bobble14988
 
Posts: 27
Joined: Fri Aug 19, 2011 11:08 pm

Postby millhaus » Thu Dec 27, 2012 8:23 pm

On our testing lab we could create a replication setup between OBS and RPS without using own signed SSL certs.

OBS > Manage System > Replication Config: whats the target hostname? is it a hostname or an IP? try using an IP and an non-defined port (>=1024 like 9445 i.e.)

RPS > Manage Receiver > define IP and port

Or you could try generating a new receiver which shouldn't be using SSL - but I was unable to uncheck the SSL usage. Maybe since the new versions RPS does only work with SSL (https)??? But for improving speed, it would be nice to deactivate the function (if RPS is in the same network segmen, anyway (and no replication via wAN).
millhaus
 
Posts: 279
Joined: Tue Oct 04, 2011 9:57 pm

Postby bobble14988 » Mon Feb 18, 2013 7:40 pm

Hi Millhaus,

I've tried what you suggested, only using an IP with a non-defined port but that failed too.

Cannot select to not use SSL on the newest version of RPS. It is enabled by default.

Don't know why people are still using these products...
bobble14988
 
Posts: 27
Joined: Fri Aug 19, 2011 11:08 pm

Postby guildmage » Thu Jun 20, 2013 12:04 am

Is there any known solution to this.

We have a Ubuntu server running OBS (with SSL cert installed). Clients can connect - simply there are no problems.

We want to replicate data to offsite RPS server (another Ubuntu machine). Now, from the moment we upgraded OBS to latest version replication stopped working. It just shows this error:
Code: Select all
[RPSSender.refreshUnloggedFile][Exception] [SendHandler.connect][Unable to connnect] [IOException] Reason=[SSLSocketJVM14.getSSLSocket] Hostname verifying failed. sDNSname='xxx.xxx.xxx.xxx' doesn't match any name on the SSL certificate. Session=[Session-1, SSL_NULL_WITH_NULL_NULL][IOException] Reason=[SendHandler.connect][Unable to connnect] [IOException] Reason=[SSLSocketJVM14.getSSLSocket] Hostname verifying failed. sDNSname='xxx.xxx.xxx.xxx' doesn't match any name on the SSL certificate. Session=[Session-1, SSL_NULL_WITH_NULL_NULL]


Additionally, our RPS server is showing this in the log:
Code: Select all
1   04:34:01 PM   [replicate][RecvHdlr.PMode.MTH][2013/06/19 16:34:01] Error=[replicate][RecvHdlr.PMode.MTH][2013/06/19 16:34:01][RequestHandler.run] Received fatal alert: certificate_unknown
2   04:34:01 PM   Received 0 byte in 0 sec (0 byte/sec)


What do we have to do to make it to work. On previous version it was working flawlessly. Now it's broken and I'm unsure what to do next?

Should I install the same certificate from OBS into our RPS server? At this moment I believe there is no SSL cert installed at all in RPS - it never was to be honest.

I'm completely lost. I've searched on this ur forum... and there is no clear answer. Additionally there is nothing about it in your manual. I can see in our RPS server that SSL is enabled but it cannot be disabled.

Please help.
Thanks

ps. DNS resolves fine as far as I can see. Is there any workaround to this?
guildmage
 
Posts: 22
Joined: Tue Aug 03, 2010 11:18 pm

Postby guildmage » Thu Jun 20, 2013 12:44 am

OK we got it sorted. Thanks to "londonweb" post (all credit to him)

Replication was not working after we upgraded to latest version of OBS/RPS because latest version is shipped with expired dummy certificate!!!

So we have followed (londonweb's guide):
Dealing with disappointment is unfortunately a key part of being an Ahsay customer, we also had this problem with no advance notice from Ahsay that the server is going to stop working. Not providing any instructions for what to do with the download compounds the problem.

Download: http://download.ahsay.com/support/keystore.zip

1. In relation to the download above, download it, unzip, and there is a file "keystore" within
2. Browse to your Ahsay install directory
3. Open subdirectory "conf"
4. Rename your existing "keystore" file to another name such as "keystore.old" (not an essential but you never know with Ahsay)
5. Copy the downloaded "keystore" file to this directory (to confirm, Ahsay installation directory, subdirectory "conf")
6. Stop your Ahsay services, verify stopped, wait 20 - 30 seconds and then start them, or reboot the server. (I say stop and start because in our experience restarting can cause the web service to hang!)
7. Verify after reboot by opening your Ahsay console on a https connection and view the certificate within your browser of choice to confirm the date of expiry has changed from 2013 to 2018. Your clients should now be able to log in again

Hope this helps more than Ahsay support!


All working now... geez why nobody told us about it.
guildmage
 
Posts: 22
Joined: Tue Aug 03, 2010 11:18 pm


Return to AhsayRPS

Who is online

Users browsing this forum: No registered users and 0 guests

Looking for Rbackup Alternative | Vembu Alternative | Novastor Alternative | Asigra Alternative | BackupAgent Alternative? Try our product.


A wholly owned subsidiary of Ahsay Backup Software Development Company Limited  [HKEx Stock Code: 8290]